Diffstat (limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch')
-rw-r--r-- | libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
deleted file mode 100644
index a1737c0dc..000000000
--- a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
-
-diff --git a/src/util.c b/src/util.c
-index d8dc3c3..9422fc5 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
-
- void quicktime_read_pascal(quicktime_t *file, char *data)
- {
-- char len = quicktime_read_char(file);
-- quicktime_read_data(file, (uint8_t*)data, len);
-- data[(int)len] = 0;
-+ int len = quicktime_read_char(file);
-+ if ((len > 0) && (len < 256)) {
-+ /* data[] is expected to be 256 bytes long */
-+ quicktime_read_data(file, (uint8_t*)data, len);
-+ data[len] = 0;
-+ } else {
-+ data[0] = 0;
-+ }
- }
-
- void quicktime_write_pascal(quicktime_t *file, char *data) |